WAS与IHS结合时如何配置SSL
本Blog所有内容不得随意转载,版权属于作者所有。如需转载请与作者联系( [email protected] )。
未经许可的转载,本人保留一切法律权益。
一直以来,发现有某些人完全不尊重我的劳动成果,随意转载,提醒一下那些人小心哪天惹上官司。
以前写给别人的邮件内容,讲述了WAS与IHS结合时如何配置SSL,分享给大家,也算是自己备忘一下。
對於HTTS的配置,具體操作步驟如下:
未经许可的转载,本人保留一切法律权益。
一直以来,发现有某些人完全不尊重我的劳动成果,随意转载,提醒一下那些人小心哪天惹上官司。
以前写给别人的邮件内容,讲述了WAS与IHS结合时如何配置SSL,分享给大家,也算是自己备忘一下。
對於HTTS的配置,具體操作步驟如下:
1.使用IHS自帶的ikeyman工具,新建一個key database file.
選擇類型為:CMS
選擇personal certificates,然後單擊new self-signed...按鈕,創建一個自簽署的認證.
2,修改IHS的httpd.conf檔案,添加對443 port的listen.內容如下:
# SSL config
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 443
<VirtualHost *:443>
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
<IfModule mod_ibm_ssl.c>
Listen 443
<VirtualHost *:443>
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
# keyFile為第一步中產生的file的全路徑名.
KeyFile "C:/Program Files/IBM/HTTPServer/key.kdb"
KeyFile "C:/Program Files/IBM/HTTPServer/key.kdb"
3,通過WAS admin console重新啟動IHS,或通過其它方式重啟IHS.
更多詳細資訊,可參考IBM的相關紅寶書.
Note:請確保WAS與IHS之間有SSL連接的通道,一般為9043等此類的port,請查看plugin-cfg.xml中的相關配置.如下例:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--HTTP server plugin config file for the webserver ing-4Node01Cell.ing-4Node01.webserver generated on 2007.08.23 at 02:34:23 PM CST-->
<Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" VHostMatchingCompat="false">
<Log LogLevel="Error" Name="C:\Program Files\IBM\WebSphere\Plugin/logs/webserver/http_plugin.log"/>
<Property Name="ESIEnable" Value="true"/>
<Property Name="ESIMaxCacheSize" Value="1024"/>
<Property Name="ESIInvalidationMonitor" Value="false"/>
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:9080"/>
<VirtualHost Name="*:80"/>
<VirtualHost Name="*:9443"/>
<VirtualHost Name="*:5060"/>
<VirtualHost Name="*:5061"/>
<VirtualHost Name="*:443"/>
</VirtualHostGroup>
<ServerCluster CloneSeparatorChange="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="server1_ing-4Node01_Cluster" PostBufferSize="64" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60">
<Server ConnectTimeout="0" ExtendedHandshake="false" MaxConnections="-1" Name="ing-4Node01_server1" ServerIOTimeout="0" WaitForContinue="false">
<Transport Hostname="ing-4" Port="9080" Protocol="http"/>
<Transport Hostname="ing-4" Port="9443" Protocol="https">
<Property Name="keyring" Value="C:\Program Files\IBM\WebSphere\Plugin/config/webserver/plugin-key.kdb"/>
<Property Name="stashfile" Value="C:\Program Files\IBM\WebSphere\Plugin/config/webserver/plugin-key.sth"/>
</Transport>
</Server>
</ServerCluster>
......
<!--HTTP server plugin config file for the webserver ing-4Node01Cell.ing-4Node01.webserver generated on 2007.08.23 at 02:34:23 PM CST-->
<Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" VHostMatchingCompat="false">
<Log LogLevel="Error" Name="C:\Program Files\IBM\WebSphere\Plugin/logs/webserver/http_plugin.log"/>
<Property Name="ESIEnable" Value="true"/>
<Property Name="ESIMaxCacheSize" Value="1024"/>
<Property Name="ESIInvalidationMonitor" Value="false"/>
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:9080"/>
<VirtualHost Name="*:80"/>
<VirtualHost Name="*:9443"/>
<VirtualHost Name="*:5060"/>
<VirtualHost Name="*:5061"/>
<VirtualHost Name="*:443"/>
</VirtualHostGroup>
<ServerCluster CloneSeparatorChange="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="server1_ing-4Node01_Cluster" PostBufferSize="64" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60">
<Server ConnectTimeout="0" ExtendedHandshake="false" MaxConnections="-1" Name="ing-4Node01_server1" ServerIOTimeout="0" WaitForContinue="false">
<Transport Hostname="ing-4" Port="9080" Protocol="http"/>
<Transport Hostname="ing-4" Port="9443" Protocol="https">
<Property Name="keyring" Value="C:\Program Files\IBM\WebSphere\Plugin/config/webserver/plugin-key.kdb"/>
<Property Name="stashfile" Value="C:\Program Files\IBM\WebSphere\Plugin/config/webserver/plugin-key.sth"/>
</Transport>
</Server>
</ServerCluster>
......